Cloud Computing


TMCnews Featured Article


September 28, 2010

Security in Cloud Computing Possible and Measurable

By Rajani Baburajan, TMCnet Contributor


Cloud computing solutions are the economically viable options for several businesses; however, there are rising concerns over the security and privacy of these services.

To allay this fear, Broadband Testing, an independent test lab, and Spirent Communications (News - Alert), a provider of test and measurement solution, announced a new report that confirms that security in virtualized data center and cloud computing environments is both possible and measurable.

The report provides a detailed account of how HP TippingPoint’s Secure Virtualization Framework (SVF) solution is able to create a secure virtual data center environment, resisting all recognized attacks.

The report says that security can be rigorously tested under “real world” operating and attack conditions using Spirent’s pioneering cloud computing testing solutions with performance, availability, security and scalability or ‘PASS’ methodology.

The outcome of this report is that “We can trust cloud,” says Steve Broadhead, founder and director, broadband testing.

“Virtual security works in theory but, until there was a way to test it thoroughly under realistic conditions, solution vendors have had a hard time convincing their customers. Without Spirent we could not have done this – the testing proved not only highly rigorous, but also quite simple to set up and run,” Broadhead added.

“Testing a complex hard-wired system can be tough, but at least the structure remains static,” added Broadhead. “The Cloud is a good description from a network testers’ perspective of the relative shapelessness of the virtual environment. Until the test process itself could be virtualized, the cloud remained pretty opaque.”

Broadband Testing, in conjunction with Spirent Avalanche, tested internal and external-to-internal traffic under normal operating and extreme conditions as well as a wide range of attack scenarios. The solution could block all the threats in the HP TippingPoint signature, the only ones that passed were those not yet added to the then-current database.

Introduced in April this year, Spirent Avalanche Virtual is the first solution to test the performance, availability, security and scale of virtualized network appliances as well as cloud-based applications across public, private and hybrid cloud environments, according to company officials.

According to company officials, the virtual environment under test was truly representative of the next generation IT environment in that it included physical and virtual elements – with the HP TippingPoint IPS and SVF, as well as the test bed itself, consisting of physical and virtual versions of Spirent Avalanche.

“The key takeaway was that testing with Spirent stressed the capability of the security solution right to its limits,” David Hill, Spirent’s vice president for EMEA, said. “People assume that security is the final objective, when what is really needed is a precise way to quantify and tailor the level of security in a complex system. ‘Tried and tested’ means more than any amount of theoretical argument in this case.”

With hybrid physical/virtual environments becoming the norm, there is the need to find new test methodologies to prove that these solutions actually deliver performance, security and scalability, according to company officials.

“The economic benefits of cloud computing are overwhelming, but so are the security concerns of network operators and their customers,” Hill continued. “This independent report breaks that deadlock, as reliable testing now makes it easy for system vendors to mitigate the risks of migrating to the cloud, while optimizing resource utilization under an exhaustive range of real-world operating and threat scenarios.”


Rajani Baburajan is a contributing editor for TMCnet. To read more of Rajani's articles, please visit her columnist page.

Edited by Erin Monda